diff --git a/.github/workflows/README.md b/.github/workflows/README.md
index cc4a94de..a29715dc 100644
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -49,6 +49,16 @@ the `renv.lock` file, respectively. If there is a problem with the cache,
 manual invaliation is necessary and can be done by setting the `CACHE_VERSION`
 secret to the current date.
 
+### Deploy to AWS (deploy-aws.yaml)
+
+If you have an AWS bucket that is set up to deploy the site from a folder, this
+workflow will deploy the site to that folder after `01 Build and Deploy` runs.
+It can also be triggered manually.
+
+Note: for this to work, you must have the `AWS_S3_BUCKET`, `AWS_ACCESS_KEY_ID`,
+and `AWS_SECRET_ACCESS_KEY` in your repository secrets. If any of these are
+missing, the workflow will not run.
+
 ## Updates
 
 ### Setup Information
diff --git a/.github/workflows/deploy-aws.yaml b/.github/workflows/deploy-aws.yaml
new file mode 100644
index 00000000..d154a7da
--- /dev/null
+++ b/.github/workflows/deploy-aws.yaml
@@ -0,0 +1,60 @@
+name: "Deploy to AWS"
+
+on:
+  workflow_run:
+    workflows: ["01 Build and Deploy Site"]
+    types:
+      - completed
+  workflow_dispatch:
+
+jobs:
+  preflight:
+    name: "Preflight Check"
+    runs-on: ubuntu-latest
+    outputs:
+      ok: ${{ steps.check.outputs.ok }}
+      folder: ${{ steps.check.outputs.folder }}
+    steps:
+      - id: check
+        run: |
+          if [[ -z "${{ secrets.AWS_S3_BUCKET }}" || -z "${{ secrets.AWS_ACCESS_KEY_ID }}" || -z "${{ secrets.AWS_SECRET_ACCESS_KEY }}" ]]; then
+            echo ":information_source: No site configured" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "To deploy on AWS, you need the `AWS_S3_BUCKET`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_ACCESS_KEY` secrets set up" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "::set-output name=folder::"$(sed -E 's^.+/(.+)^\1^' <<< ${{ github.repository }})
+            echo "::set-output name=ok::true"
+          fi
+    
+  full-build:
+    name: "Deploy to AWS"
+    needs: [preflight]
+    if: ${{ needs.preflight.outputs.ok }}
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: "Checkout site folder"
+        uses: actions/checkout@v3
+        with:
+          ref: 'gh-pages'
+          path: 'source'
+
+      - name: "Deploy to Bucket"
+        uses: jakejarvis/s3-sync-action@v0.5.1
+        with:
+          args: --acl public-read --follow-symlinks --delete --exclude '.git/*'
+        env:
+          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          SOURCE_DIR: 'source'
+          DEST_DIR: ${{ needs.preflight.outputs.folder }}
+
+      - name: "Invalidate CloudFront"
+        uses: chetan/invalidate-cloudfront-action@master
+        env:
+          PATHS: /*
+          AWS_REGION: 'us-east-1'
+          DISTRIBUTION: ${{ secrets.DISTRIBUTION }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}